[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#27429: Stack clash (CVE-2017-1000366 etc)
From: |
Leo Famulari |
Subject: |
bug#27429: Stack clash (CVE-2017-1000366 etc) |
Date: |
Mon, 19 Jun 2017 20:42:05 -0400 |
User-agent: |
Mutt/1.8.3 (2017-05-23) |
On Mon, Jun 19, 2017 at 07:05:10PM -0400, Leo Famulari wrote:
> I'm currently testing the patch for CVE-2017-1000369 in Exim:
>
> https://git.exim.org/exim.git/commit/65e061b76867a9ea7aeeb535341b790b90ae6c21
>
> "To reach the start of the stack with the end of the heap (man brk), we
> permanently leak memory through multiple -p command-line arguments that
> are malloc()ated by Exim but never free()d (CVE-2017-1000369) -- we call
> such a malloc()ated chunk of heap memory a "memleak-chunk"."
>
> https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
Pushed as 4dd8d280857607d1ee41ae03c62c5e629ad75c37.
signature.asc
Description: PGP signature
- bug#27429: Stack clash (CVE-2017-1000366 etc), Leo Famulari, 2017/06/19
- bug#27429: Stack clash (CVE-2017-1000366 etc), Leo Famulari, 2017/06/19
- bug#27429: Stack clash (CVE-2017-1000366 etc),
Leo Famulari <=
- bug#27429: Stack clash (CVE-2017-1000366 etc), Leo Famulari, 2017/06/19
- bug#27429: Stack clash (CVE-2017-1000366 etc), Efraim Flashner, 2017/06/20
- bug#27429: Stack clash (CVE-2017-1000366 etc), Leo Famulari, 2017/06/20
- bug#27429: Stack clash (CVE-2017-1000366 etc), Mark H Weaver, 2017/06/20
- bug#27429: Stack clash (CVE-2017-1000366 etc), Efraim Flashner, 2017/06/21
- bug#27429: Stack clash (CVE-2017-1000366 etc), Efraim Flashner, 2017/06/21
- bug#27429: Stack clash (CVE-2017-1000366 etc), Leo Famulari, 2017/06/21
- bug#27429: Stack clash (CVE-2017-1000366 etc), Leo Famulari, 2017/06/21
- bug#27429: Stack clash (CVE-2017-1000366 etc), Mark H Weaver, 2017/06/22
- bug#27429: Stack clash (CVE-2017-1000366 etc), Leo Famulari, 2017/06/22